pbkdf2() public static method

public static pbkdf2 ( $data, $secret, $iteration, $dkLen = 32, $algo = 'sha1' )
示例#1
0
文件: xmpp.auth.php 项目: ZZB/JAXL
 public static function getResponse($authType, $challenge, $jaxl)
 {
     $response = array();
     $decoded = base64_decode($challenge);
     $xml = '<response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">';
     if ($authType == 'X-FACEBOOK-PLATFORM') {
         $decoded = explode('&', $decoded);
         foreach ($decoded as $k => $v) {
             list($kk, $vv) = explode('=', $v);
             $decoded[$kk] = $vv;
             unset($decoded[$k]);
         }
         list($secret, $decoded['api_key'], $decoded['session_key']) = JAXLPlugin::execute('jaxl_get_facebook_key', false, $jaxl);
         $decoded['call_id'] = time();
         $decoded['v'] = '1.0';
         $base_string = '';
         foreach (array('api_key', 'call_id', 'method', 'nonce', 'session_key', 'v') as $key) {
             if (isset($decoded[$key])) {
                 $response[$key] = $decoded[$key];
                 $base_string .= $key . '=' . $decoded[$key];
             }
         }
         $base_string .= $secret;
         $response['sig'] = md5($base_string);
         $responseURI = '';
         foreach ($response as $k => $v) {
             if ($responseURI == '') {
                 $responseURI .= $k . '=' . urlencode($v);
             } else {
                 $responseURI .= '&' . $k . '=' . urlencode($v);
             }
         }
         $xml .= base64_encode($responseURI);
     } else {
         if ($authType == 'DIGEST-MD5') {
             $decoded = JAXLUtil::explodeData($decoded);
             if (!isset($decoded['digest-uri'])) {
                 $decoded['digest-uri'] = 'xmpp/' . $jaxl->domain;
             }
             $decoded['cnonce'] = base64_encode(JAXLUtil::generateNonce());
             if (isset($decoded['qop']) && $decoded['qop'] != 'auth' && strpos($decoded['qop'], 'auth') !== false) {
                 $decoded['qop'] = 'auth';
             }
             $response = array('username' => $jaxl->user, 'response' => JAXLUtil::encryptPassword(array_merge($decoded, array('nc' => '00000001')), $jaxl->user, $jaxl->pass), 'charset' => 'utf-8', 'nc' => '00000001', 'qop' => 'auth');
             foreach (array('nonce', 'digest-uri', 'realm', 'cnonce') as $key) {
                 if (isset($decoded[$key])) {
                     $response[$key] = $decoded[$key];
                 }
             }
             $xml .= base64_encode(JAXLUtil::implodeData($response));
         } else {
             if ($authType == 'SCRAM-SHA-1') {
                 $decoded = JAXLUtil::explodeData($decoded);
                 // SaltedPassword  := Hi(Normalize(password), salt, i)
                 $saltedPasswd = JAXLUtil::pbkdf2($jaxl->pass, $decoded['s'], $decoded['i']);
                 // ClientKey       := HMAC(SaltedPassword, "Client Key")
                 $clientKey = JAXLUtil::hashMD5($saltedPassword, "Client Key");
                 // StoredKey       := H(ClientKey)
                 $storedKey = sha1("Client Key");
                 // assemble client-final-message-without-proof
                 $clientFinalMessage = "c=bwis,r=" . $decoded['r'];
                 // AuthMessage     := client-first-message-bare + "," + server-first-message + "," + client-final-message-without-proof
                 // ClientSignature := HMAC(StoredKey, AuthMessage)
                 // ClientProof     := ClientKey XOR ClientSignature
                 // ServerKey       := HMAC(SaltedPassword, "Server Key")
                 // ServerSignature := HMAC(ServerKey, AuthMessage)
                 foreach (array('c', 'r', 'p') as $key) {
                     if (isset($decoded[$key])) {
                         $response[$key] = $decoded[$key];
                     }
                 }
                 $xml .= base64_encode(JAXLUtil::implodeData($response));
             } else {
                 if ($authType == 'CRAM-MD5') {
                     $xml .= base64_encode($jaxl->user . ' ' . hash_hmac('md5', $jaxl->pass, $arr['challenge']));
                 }
             }
         }
     }
     $xml .= '</response>';
     $jaxl->secondChallenge = true;
     return $xml;
 }
示例#2
0
 public function get_scram_sha1_response($pass, $challenge)
 {
     // it contains users iteration count i and the user salt
     // also server will append it's own nonce to the one we specified
     $decoded = $this->explode_data(base64_decode($challenge));
     // r=,s=,i=
     $nonce = $decoded['r'];
     $salt = base64_decode($decoded['s']);
     $iteration = intval($decoded['i']);
     // SaltedPassword  := Hi(Normalize(password), salt, i)
     $salted = JAXLUtil::pbkdf2($this->pass, $salt, $iteration);
     // ClientKey       := HMAC(SaltedPassword, "Client Key")
     $client_key = hash_hmac('sha1', $salted, "Client Key", true);
     // StoredKey       := H(ClientKey)
     $stored_key = hash('sha1', $client_key, true);
     // AuthMessage     := client-first-message-bare + "," + server-first-message + "," + client-final-message-without-proof
     $auth_message = '';
     // ClientSignature := HMAC(StoredKey, AuthMessage)
     $signature = hash_hmac('sha1', $stored_key, $auth_message, true);
     // ClientProof     := ClientKey XOR ClientSignature
     $client_proof = $client_key ^ $signature;
     $proof = 'c=biws,r=' . $nonce . ',p=' . base64_encode($client_proof);
     return base64_encode($proof);
 }